Test Layout

When you are using the Get-AD* cmdlets to generate a list of users or other objects, it is a best practice to use the Filter parameter. When you use the Filter parameter, you pass a filter directly to Active Directory when you run the cmdlet. This is more efficient than retrieving a large list of objects and then filtering them with Where-Object. I was working through a query with Get-ADUser that would obtain a list of all disabled users from Active Directory except for two or three OUs. To do this, I was trying to use the Filter parameter as shown below. Get AD-User -Filter {(enabled -eq $false) -and (distinguishedname -notlike "*cn=users,dc=contoso,dc=com)} Looks good right? Unfortunately, the filtering based on the distinguished name didn't work. It turns out that you cannot use wildcards when filtering based on the distinguished name. I also tried using the CanonicalName property, but it is a calculated property generated by Get-ADUser. So, CanonicalName cannot be used for...

You may at some point have a need to query recently created mailboxes. This script queries mailboxes created within the last seven days. $date=(get-date).adddays(-7) Get-Mailbox –Filter {WhenCreated –gt $date} The logic of the script is this: Set the variable $date equal to the current date minus 7 days. Get a list of mailboxes with a WhenCreated attribute greater than the date 7 days ago You can use the same basic structure for other objects such as Active Directory users by substituting the Get-ADUser cmdlet for the Get-Mailbox cmdlet. $date=(get-date).adddays(-7) Get-ADUser –Filter {WhenCreated –gt $date} Update (Dec 2015): The above syntax actually doesn't work. Not sure how I missed it when I first wrote the post. Today when I was writing a script using this syntax, it returned all mailboxes no matter what. So, the $date variable wasn't being properly evaluated. I'm leaving the above example so that people can see what syntax not to use. Use the following syntax inst...

I ran into a first yesterday. As seems to happen on a somewhat regular basis, a client had a virus infected computer. One of tools I normally rely on is TDSSKiller.exe from Kaspersky. It removes most rootkits that infect the boot sector of a hard drive. And is one of the few that checks the boot sector of non-boot drives. So, you can use it when a drive is externally attached. In this case, TDSSKiller.exe identified Rootkit.boot.SST.b. When the software attempted to clean it, it didn't display an errors, but if you looked at the log it indicated that it couldn't be cleaned. Some web sites suggested downloading Kaspersky Rescue Disk to remove it. This is a bootable linux CD/USB image. Basically, it accomplishes the same thing as placing the drive in an external case. It prevents any malware on the drive from loading in the boot process. This tool also found the rootkit, but couldn't remove it. I also tried booting up in the XP recovery console and using FixMBR, which appeare...

Microsoft has publicly released Exchange 2013 Preview for download. I'll try to review some of the more interesting new features over the next few weeks. However, for those of you that like to play. Exchange 2013 Preview download: http://technet.microsoft.com/en-US/evalcenter/hh973395 Exchange 2013 Preview resources: http://technet.microsoft.com/en-US/evalcenter/hh973396  Exchange 2013 online help: http://technet.microsoft.com/en-us/library/bb124558(v=exchg.150) I shouldn't need to say this, but do not deploy this software in a production environment . This software is for testing only. Who knows what these schema extensions impact when you want to deploy the release version of the product.

The licensing for Exchange 2010 has been changed to allow multi-mailbox search with standard CALs instead of enterprise CALs. Previous to this change any mailbox searched with multi-mailbox search required an enterprise CAL. This is a pretty big deal for a few reasons. First, it's handy to use multi-mailbox search when recovering items for single item recovery. Much nicer interface than straight PowerShell. Secondly, it's also nice when users complains that they've lost a message and you can go a search their mailbox without connecting directly to their mailbox. You still need an enterprise CAL for personal archives, legal hold, per user/group journaling, and custom retention policies. The Exchange 2010 licensing page ( http://www.microsoft.com/exchange/en-us/licensing-exchange-server-email.aspx#Exchange2010CAL ) has been updated to show the change.

I recently updated the certificate for OWA on an SBS 2008 installation. That went fine and I deleted the old certificate. A few weeks later, we were informed that Remote Web Workplace was not working. When users attempted to connect to their computer they got a Javascript dialog box with error 50331688. The cause of the issue is a certificate not being installed for the Terminal Services gateway. The Terminal Services gateway is used by RWW. The fix is to select a valid certificate and then all is good. To fix the issue: Open TS Gateway Manager from Administrative Tools. In the left pane, right-click the server and click Properties . On the SSL Certificate tab, click Select an existing certificate for SSL encryption and click Browse Certificates . Select a valid certificate and click Install . Click OK to close the properties of the server. All done. It should begin working immediately.

Apparently a few years back, Dell started splitting large ISO files into smaller pieces to make downloading easier. The page I was downloading from said they needed to be joined, but did not provide the instructions. Here are the instructions for joining two DVD files (OM_6.5.0_SMTD_A01.iso.001 and OM_6.5.0_SMTD_A01.iso.002): Place the files to be joined in a separate folder. Open a command prompt and change to the folder containing the files. At the command prompt, type copy /b om* OM_650_SMTD_A01.iso and press Enter. This copies the two existing files into a single new file. Based on the file names, they should be selected in the correct order. However, if they are not, you can use this modified command that specifies the order: copy /b OM_6.5.0_SMTD_A01.iso.001+OM_6.5.0_SMTD_A01.iso.002 OM_650_SMTD_A01.iso

The Exchange Team has posted a nice series of blog articles about the details of backing up Exchange Server 2010. The articles discuss exactly how VSS backups work, backups of active database copies, and backups of passive database copies. The articles are here: http://blogs.technet.com/b/exchange/archive/2012/06/04/everything-you-need-to-know-about-exchange-backups-part-1.aspx http://blogs.technet.com/b/exchange/archive/2012/06/14/everything-you-need-to-know-about-exchange-backups-part-2.aspx http://blogs.technet.com/b/exchange/archive/2012/07/09/everything-you-need-to-know-about-exchange-backups-part-3.aspx

If you downloaded the most recent version (14.3.38.2) of the Exchange 2010 Management Pack released in June of 2012, it can cause mailboxes to be randomly quarantined. As of June 27th, the Management Pack has been pulled and will be released again when it is fixed. If you have already installed this management pack, there are some workarounds to disable the function that is quarantining the mailboxes. Information about version 14.3.38.2 of the management pack: http://blogs.technet.com/b/rmilne/archive/2012/06/19/updated-exchange-2010-scom-management-pack-june-2012.aspx Information about the problem and workarounds if you've installed it: http://blogs.technet.com/b/exchange/archive/2012/06/28/mailboxes-on-a-database-are-quarantined-in-an-environment-with-system-center-operations-manager.aspx

One of our guys was on site today installing a new HP M425 for a client. He unpacked the printer and everything worked great except for the scanning. All scanning was 100% black. He rechecked the whole unit and there was no packing material blocking the scanner. Nothing left to do but call HP support. HP support had him flash the firmware to the latest version and scanning began to work fine. Very very weird. I would never have guessed in a million years.

Many organizations want a single user to have multiple email addresses and would like the user to be able to select which email address to send as. In Exchange 2010 (and earlier versions) it's very easy to add multiple email addresses for a user. However, the sending is a problem. When multiple email addresses have been configured for a user, only one email address can be set as the primary/Reply To address. The primary address is the From address when sending a message. The user cannot select an alternate From address from their list of addresses. You can buy commercial software that enables this functionality ( http://www.ivasoft.biz/choosefrom2007.shtml ). However, for the cheap (ahem, cost sensitive) among us there is a workaround. For any secondary address you want to assign to a user, create a distribution group with that address. Make the user the only member of that group. Assign the user Send As permission for the group. It's not very scalable, but easy to do.

Windows 7 is more secure than Windows XP. That is a good thing. However, it's also annoying when you want to remotely manage a domain joined computer and it's not allowed by default. Windows Firewall in Windows 7 does not allow remote management even on domain joined computers. You need to create the exceptions that allow remote management of Windows. You generally want to: Allow ping. I'd like to see if the computer is up or not. Connect with Remote Desktop. It's nice to fix up desktop computers without going on site. Connect with Computer Management. Nice to see event logs remotely without logging on. Connect to the registry remotely. Nice to do reg edits without logging on locally and bothering the customer. In SBS 2011, much of this is done automatically by a Group Policy object created during installation. However, if you are using a normal edition of Windows Server then you need make the Group Policy object yourself. A blog post ( http://skatterbrainz.blogspot.ca/...

As part of a performance test for an application at a client, we needed to setup a temporary server running Windows Server 2008 R2 and SQL Server 2005. When you install SQL 2005, it indicates that IIS must be installed. Back in Windows Server 2003 this was easy because IIS was installed as a single lump. Starting in Windows Server 2008, IIS is installed as multiple role services. This makes it difficult to determine which role services are required. Here is a list of the IIS 7 role services that must be installed for SQL 2005: Common HTTP Features Static Content - Common HTTP Features Default Document HTTP Redirection Directory Browsing Application Development ASP.NET ISAPI Extension ISAPI Filters Security Windows Authentication Management Tools IIS Metabase IIS 6 WMI